Reference

How h2o2 Handles Your Personal Data

At h2o2, we take the handling of your personal data seriously — this page sets out exactly what we collect, why we collect it, and how you can…

Data collected only for account useUPI, Paytm, PhonePe transactions encryptedRight to access your data anytimeRetention periods clearly statedContact us to request deletion
Browse lobby Read FAQ
h2o2 How h2o2 Handles Your Personal Data
PRIVACY CONTACT PATHS

Reach Our Privacy Team Directly

If you have questions about how we handle your data, want to request a copy of the information we hold, or need to ask us to delete your account data, our privacy team is reachable through the channels below. We aim to respond to all privacy-related requests within 30 days of receipt.

Team online

Email Privacy Team

Send your data request or privacy question to our dedicated address at [email protected]. We acknowledge every request within 48 hours and aim to resolve it fully within 30 days.

Live Chat Support

Our support chat at h2o2.co is available around the clock. Raise a privacy query there and the agent will escalate it to the privacy team on the same day for a formal response.

Written Request

For formal deletion or data-access requests, use the account settings page under 'Privacy & Data'. Submitting through there creates an auditable ticket so you can track progress from your dashboard.

DATA HANDLING PRACTICES

How We Protect and Manage Your Account Data

Security and transparency sit at the centre of how h2o2 manages your account information.

Encryption at Rest and in Transit

All personal data stored on our servers is encrypted using AES-256. Data moving between your device and h2o2.co travels over TLS 1.3 so your session details, payment references, and account credentials cannot be intercepted in transit.

Cookie Policy and Your Choices

We use strictly necessary cookies to keep you logged in and functional cookies to remember your language preference. Analytics cookies are optional — you can decline them via the cookie banner shown on your first visit without losing any account functionality.

Account Security Measures

Your account is protected by password hashing and optional two-factor authentication via SMS or an authenticator app. Unusual login attempts from new devices trigger an email alert so you can act before any access is granted.

Data Retention Periods

Active account data is retained for as long as your account remains open. Once you close your account, we retain transaction records for seven years as required by Indian financial regulations, then delete all remaining personal data.

Who Can Access Your Data

Inside h2o2, access to personal data is role-restricted — only teams with a direct operational need (fraud review, payment reconciliation, support escalation) can view your records. All internal access is logged and audited monthly.

Requesting Changes or Deletion

You can request a copy of all data we hold, ask us to correct inaccuracies, or ask for full deletion via [email protected] or the account settings panel. We confirm receipt within 48 hours and complete all actions within 30 days.

Common Questions About Your Privacy at h2o2

Below you will find answers to the questions our account holders ask most often about data collection, storage, and their rights under our privacy policy. If your question is not covered here, reach us at [email protected].

We collect your name, email address, date of birth, mobile number, and the device details recorded during your session. Payment method identifiers from UPI, Paytm, or PhonePe are also stored to reconcile your deposits and withdrawals against your account balance.

We share data only with the payment processors needed to complete your transactions — UPI, Paytm, PhonePe — and only the minimum fields each rail requires. We do not sell your personal data to advertisers, data brokers, or any other third party for marketing purposes.

Transaction and financial records are kept for seven years to meet Indian regulatory requirements. All other personal data — profile details, session logs, preferences — is deleted within 90 days of your account closure request being confirmed.

Yes. Email [email protected] with the subject line 'Data Access Request' from the address linked to your account. We will compile and send you a full copy of your data within 30 days, at no charge.

Use the 'Privacy & Data' section inside your account settings, or email [email protected]. Corrections are processed within 14 days. Deletion requests are completed within 30 days, subject to the mandatory seven-year retention rule for financial records.

We use necessary cookies (login session, security tokens) and optional analytics cookies. You can reject analytics cookies on the cookie banner without losing access to your account. Necessary cookies cannot be switched off as they are required to keep your session secure.

All payment data travels over TLS 1.3 and is processed directly by the respective payment rails. h2o2 stores only the transaction reference number — we never store your UPI PIN, Paytm password, or PhonePe credentials on our servers at any point.

Related Pages

h2o2 App h2o2 Login About Us Emerald Isle